I'm not one who obsesses over my data privacy. I mean, as far as my life goes...I like it...but to the outsider I suspect it would be pretty boring. So if someone wants to snoop on me I really don't care.
But even I found this a tad disturbing...
Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
For the record, "Forensic Data" translates to "All Your Personal Information"
I honestly don't have an issue with Law Enforcement having access to this sort of thing. They have the right to obtain the data anyway so this just seems like an easy way for them to get what they need. If anything, it saves me money as a tax payer.
But I do have a couple issues here...
1. Though I understand why the Government would want a device like this I think its irresponsible for Microsoft to provide it. Microsoft's job when making an OS is to make it as secure as possible. I, as a Microsoft customer, trust that they will do everything they can to make their system secure (as they claim to do). The fact that they'd even build a device like this seems like a violation of that trust. Especially since it seems they put hooks into the OS to facilitate its creation.
2. My understanding is that this is no bigger than a thumb drive which makes me certain at least one will fall into the wrong hands. Given that I don't see why they didn't make it bigger and harder to steal. Particularly since, despite what the original article says, the police have to seize the PC anyway (to maintain a chain of evidence) so portability isn't an issue.
To me, this is the best argument I've seen for Open Source in a while. If Microsoft is inclined to put hooks into its OS which allow for the quick bypassing of the system's security I'd at least like to know. The fact that they felt the need to, as the article says, "quietly" distribute this says to me that they knew I'd want to know and specifically took steps to hide it from me.
That bothers me.
As a Microsoft customer I think their responsibility is to me not to law enforcement. The fact that they don't see it that way makes a pretty compelling argument for systems with source that is open for everyone to see.
Addendum: Since I’ve already gotten two e-mails on this I wanted to clarify something. When I said…
“Particularly since, despite what the original article says, the police have to seize the PC anyway”
I was taking that from a friend who is an assistant District Attorney (and who I IMed while writing the post)
This is conceptually pretty simple. The cops can use this device and get all your files but they aren’t going to go over each file right then and there. Since there’s no ruling in existence saying this Microsoft device is admissible in place of the computer itself the cops have to take the computer with them. Otherwise you could erase the files between when the cops used the device and when they came back to actually confiscate the computer.